Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp550828rdb;
        Tue, 5 Dec 2023 12:34:45 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEOmwvAbO/8Kkx99kIf5edASWApIABjjTT4W4vCz8oD9MpDgdMTzxjs6/1tlZuwLlTxblCI
X-Received: by 2002:ad4:470b:0:b0:67a:a4b9:b948 with SMTP id qb11-20020ad4470b000000b0067aa4b9b948mr1847078qvb.39.1701808485331;
        Tue, 05 Dec 2023 12:34:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701808485; cv=none;
        d=google.com; s=arc-20160816;
        b=QCDAMfsUWTH6Yex8HewGhRlflU1S8nvMhSbX8p+UfOGna0YwVDXfyzuRr14c8uacmZ
         CObGSXRbasZYjYfsSNAL11EUTLsNairPo/uIH3clU4glNle62l35MzAwSpQs3f0o5EK3
         iN0kzaenFBRSleddegNJMDSckByWDIkjOUOYEQhEj01yIFXNHx4kDLOPoaVdj/cQXmqh
         5WdDZ53X/P1cir9yoLYc6FuuZ2+fM6yy4cKlfOhVxmEjnBntPopAHUgIbRPE6ppoxBwB
         xfN2oPTE+XYcD+P9IPQFCOIPVXew8CSBgL2h/cYT41yuSzkEPS00g1BNjOwNy7uI9m/Z
         MkHw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=o5zupC3MtbxZGdOAmCQMew5ZQ9X0bNsTWdRClhPkVa4=;
        fh=UDWDhAO7lJRReNZvubywdGsu9mvQhvlekph1HTPfwkE=;
        b=07bMeHfR2/aevU6+z/Tyd6fpM1HMXYgziTXffQ0rJnDyqSE3K6JEwyHpJLuvDVd7Rm
         0j/R1h4YtgQEe1C+e7IGgdP3cavgMZRYVBKZC3W2HFI0zpI239hpfQXIsGecNZ0zeWhE
         sbHPM40I4u5qtJ6xoFb8xF+AIBGIcNdx15mhrnmrVPg72wKuPdmylo0mu5F39SEJPvll
         7IJvdfF+XhyqtrsVeQdtx5Z5quCqJACga/9lZ5ROgcHWNBliq9vPsvCNZ1BvUUQQ36rt
         l4pIT9IrGls41xqbR76eiTi6IlJXgMXSD0mDFt/7NhysaMT3GzRmfqDqWmBWBwF0RcW2
         yVgQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=sFOoFwCU;
       spf=pass (google.com: domain of linux-crypto+bounces-580-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-580-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto+bounces-580-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id p9-20020a0cfd89000000b0067aa5ce6c2dsi9040909qvr.340.2023.12.05.12.34.45
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 05 Dec 2023 12:34:45 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-580-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=sFOoFwCU;
       spf=pass (google.com: domain of linux-crypto+bounces-580-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-580-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 0485B1C2102E
	for <linux.lists.archive@gmail.com>; Tue,  5 Dec 2023 20:34:45 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 6683C68EA7
	for <linux.lists.archive@gmail.com>; Tue,  5 Dec 2023 20:34:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="sFOoFwCU"
X-Original-To: linux-crypto@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3725A6DCE7
	for <linux-crypto@vger.kernel.org>; Tue,  5 Dec 2023 20:17:59 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E5D17C433C9;
	Tue,  5 Dec 2023 20:17:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1701807479;
	bh=+sOVuGQTHakB8VRJfxizueBU+kU+hnIPPk6ZDFu2jqY=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=sFOoFwCUMlw4eoBMqBmvRBvk8taIahIEAGV0JvGBPP7v1xrAmZj1nMD6ylXD2kDDH
	 0GAHaeqygoU/v6nHkgf8e5wdF0b/+uXEFnebtGGtsyG2ObT5Qd6U1pPoPImjTB/nIX
	 BROtoRk6NI/QBSeZkSvO3c33QRSs0TtMHvC4meWrZXirTwAsk2fWgctG3CPsOpheCz
	 Mscs81D0yenr+lumrxgNNEjM6HBwSVLCmZEp/JL/klPHb4DGbBqDjcL8jiQAj+5hPc
	 BsrTt9zadc7KxKWgoBbFDese0XYQXOrcTFfGnmZZnN4ZwRWTC3PweskiIsLeFHKUzV
	 yN0G+kpoQSRXg==
Date: Tue, 5 Dec 2023 12:17:57 -0800
From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH 4/8] crypto: skcipher - Add lskcipher
Message-ID: <20231205201757.GB1093@sol.localdomain>
References: <20230914082828.895403-1-herbert@gondor.apana.org.au>
 <20230914082828.895403-5-herbert@gondor.apana.org.au>
 <20230920062551.GB2739@sol.localdomain>
 <ZQvHUc9rd4ud2NCB@gondor.apana.org.au>
 <20230922031030.GB935@sol.localdomain>
 <ZW7iKEs+GNOrkvxf@gondor.apana.org.au>
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZW7iKEs+GNOrkvxf@gondor.apana.org.au>

On Tue, Dec 05, 2023 at 04:41:12PM +0800, Herbert Xu wrote:
> On Thu, Sep 21, 2023 at 08:10:30PM -0700, Eric Biggers wrote:
> > 
> > Yes, wide-block modes such as Adiantum and HCTR2 require multiple passes over
> > the data.  As do SIV modes such as AES-GCM-SIV (though AES-GCM-SIV isn't yet
> > supported by the kernel, and it would be an "aead", not an "skcipher").
> 
> Right, AEAD algorithms have never supported incremental processing,
> as one of the first algorithms CCM required two-pass processing.
> 
> We could support incremental processing if we really wanted to.  It
> would require a model where the user passes the data to the API twice
> (or more if future algorithms requires so).  However, I see no
> pressing need for this so I'm happy with just marking such algorithms
> as unsupported with algif_skcipher for now.  There is also an
> alternative of adding an AEAD-like mode fo algif_skcipher for these
> algorithms but again I don't see the need to do this.
> 
> As such I'm going to add a field to indicate that adiantum and hctr2
> cannot be used by algif_skcipher.
> 

Note that 'cryptsetup benchmark' uses AF_ALG, and there are recommendations
floating around the internet to use it to benchmark the various algorithms that
can be used with dm-crypt, including Adiantum.  Perhaps it's a bit late to take
away support for algorithms that are already supported?  AFAICS, algif_skcipher
only splits up operations if userspace does something like write(8192) followed
by read(4096), i.e. reading less than it wrote.  Why not just make
algif_skcipher return an error in that case if the algorithm doesn't support it?

- Eric